[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Feb 26 20:23:47 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab0ccb6c by Salvatore Bonaccorso at 2020-02-26T21:23:34+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60175,7 +60175,7 @@ CVE-2019-6746 (This vulnerability allows remote attackers to disclose sensitive
 CVE-2019-6745
 	REJECTED
 CVE-2019-6744 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Xiaomi Mi6 Browser
 CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary code o ...)
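Review bot: The new tag for CVE-2019-6744 names only the vendor ("NOT-FOR-US: Samsung"), while the entry directly below it uses a product-level tag ("NOT-FOR-US: Xiaomi Mi6 Browser"). Consider naming the affected Samsung product from the full CVE description so the entry can be told apart from other Samsung CVEs when searching the list.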
@@ -64181,7 +64181,7 @@ CVE-2019-5167
 CVE-2019-5166
 	RESERVED
 CVE-2019-5165 (An exploitable authentication bypass vulnerability exists in the hostn ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5164 (An exploitable code execution vulnerability exists in the ss-manager b ...)
 	- shadowsocks-libev 3.3.3+ds-2
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
@@ -64193,7 +64193,7 @@ CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the UDPR
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956
 	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
 CVE-2019-5162 (An exploitable improper access control vulnerability exists in the iw_ ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5161
 	RESERVED
 CVE-2019-5160
@@ -64211,7 +64211,7 @@ CVE-2019-5155
 CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
 	NOT-FOR-US: LEADTOOLS
 CVE-2019-5153 (An exploitable remote code execution vulnerability exists in the iw_we ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5152 (An exploitable information disclosure vulnerability exists in the netw ...)
 	- shadowsocks-libev <unfixed> (unimportant)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942
@@ -64226,7 +64226,7 @@ CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.
 CVE-2019-5149
 	RESERVED
 CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in ServiceAgent  ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
 	NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
@@ -64236,21 +64236,21 @@ CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the JavaScr
 CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
 	NOT-FOR-US: Kakadu Software SDK
 CVE-2019-5143 (An exploitable format string vulnerability exists in the iw_console co ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5142 (An exploitable command injection vulnerability exists in the hostname  ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5141 (An exploitable command injection vulnerability exists in the iw_webs f ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5140 (An exploitable command injection vulnerability exists in the iwwebs fu ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5139 (An exploitable use of hard-coded credentials vulnerability exists in m ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5138 (An exploitable command injection vulnerability exists in encrypted dia ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5137 (The usage of hard-coded cryptographic keys within the ServiceAgent bin ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the iw_con ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-5135
 	RESERVED
 CVE-2019-5134
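Review bot: All eight entries from CVE-2019-5143 down to CVE-2019-5136 get the same vendor-only tag "NOT-FOR-US: Moxa", although their summaries point at distinct components (iw_console, iw_webs, ServiceAgent, hostname handling). Since the summaries are truncated in data/CVE/list, adding the device or firmware name to the tag would let a later triager confirm from the list alone that none of these components is packaged in Debian; the same applies to the single-line Moxa changes in the earlier hunks.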
@@ -66651,9 +66651,9 @@ CVE-2019-4002
 CVE-2019-4001
 	RESERVED
 CVE-2019-4000 (Improper neutralization of directives in dynamically evaluated code in ...)
-	TODO: check
+	NOT-FOR-US: Druva inSync Mac OS Client
 CVE-2019-3999 (Improper neutralization of special elements used in an OS command in D ...)
-	TODO: check
+	NOT-FOR-US: Druva inSync Windows Client
 CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
 	NOT-FOR-US: SimpliSafe SS3 firmware
 CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
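Review bot: CVE-2019-4000 and CVE-2019-3999 are tagged with two different strings for what the tags present as one product ("Druva inSync Mac OS Client" and "Druva inSync Windows Client"), and the truncated summaries visible here do not show the platform. If the split is intentional, fine; otherwise a shared "NOT-FOR-US: Druva inSync" keeps both entries under one searchable tag.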
@@ -67625,7 +67625,7 @@ CVE-2019-3672
 CVE-2019-3671
 	RESERVED
 CVE-2019-3670 (Remote Code Execution vulnerability in the web interface in McAfee Web ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3669
 	RESERVED
 CVE-2019-3668
@@ -91437,7 +91437,7 @@ CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 5N
 CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo endpoint o ...)
 	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14705 (In Drobo 5N2 4.0.5, all optional applications lack any form of authent ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2
 CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS vers ...)
 	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data endpoint in D ...)
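Review bot: The tag added for CVE-2018-14705 reads "NOT-FOR-US: Drobo 5N2", but the neighbouring entries CVE-2018-14706 and CVE-2018-14704 use "NOT-FOR-US: Drobo 5N2 NAS". Use the same string here so all Drobo 5N2 entries match a single search.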
@@ -95094,7 +95094,7 @@ CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002R
 CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version 1. ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2018-13313 (In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0 ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
@@ -254592,7 +254592,7 @@ CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.j
 CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, wh ...)
 	- xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards)
 CVE-2014-4019 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a defau ...)
 	NOT-FOR-US: ZTE router
 CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to  ...)
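Review bot: CVE-2014-4019 is tagged "NOT-FOR-US: ZTE" while the next entry, CVE-2014-4018, covers the same ZTE ZXV10 W300 router and is tagged "NOT-FOR-US: ZTE router". Align the new line with the existing one, e.g. "NOT-FOR-US: ZTE router".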



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0ccb6cadf7c18845c03e841df47d6ec921ab83
